Commits

Kai Diefenbach committed 8c17b85

First version of local roles

  • Participants
  • Parent commits 4de01e4

Comments (0)

Files changed (6)

File docs/index.rst

 .. toctree::
    :maxdepth: 1
    
+   overview.rst
    installation.rst
    usage/index.rst
    api.rst

File docs/overview.rst

+========
+Overview
+========
+
+Permissions
+===========
+Permissions are granted to roles in order to allow the roles something.
+
+Roles
+=====
+Roles are used to grant permissions. Typical roles are *Manager* or *Editor*.
+
+Users and Groups
+================
+* Users can be member of several groups.
+* User and groups can have roles.
+* User and groups can have local roles, that is roles for a specific object.
+* Users "inherit" all roles of their groups.
+* Users "inherit" all permissions of their roles

File permissions/admin.py

 
 from permissions.models import Permission
 admin.site.register(Permission)
+
+from permissions.models import Role
+admin.site.register(Role)
+
+from permissions.models import PrincipalRoleRelation
+admin.site.register(PrincipalRoleRelation)

File permissions/models.py

 from django.contrib.contenttypes.models import ContentType
 from django.utils.translation import ugettext_lazy as _
 
+class PermissionBase(models.Model):
+    """Mix-in class for permissions.
+    """
+    def add_role(self, principal, role):
+        """Adds a local role for the principal to the object.
+        """
+        permissions.utils.add_role(principal, role, self)
+
+    def remove_roles(self, principal):
+        """Removes all local roles for the passed principal from the object.
+        """
+        permissions.utils.remove_roles(principal, role, self)
+
 class Permission(models.Model):
     """A permission which can be granted to users/groups and objects.
 
     **Attributes:**
 
-        name
-            The unique name of the permission. This is displayed to users.
-        codename
-            The unique codename of the permission. This is used internal to
-            identify a permission.
-        content_types
-            The content types for which the permission is active. This can be
-            used to display only reasonable permissions for an object.
+    name
+        The unique name of the permission. This is displayed to users.
+
+    codename
+        The unique codename of the permission. This is used internal to
+        identify a permission.
+
+    content_types
+        The content types for which the permission is active. This can be
+        used to display only reasonable permissions for an object.
     """
     name = models.CharField(_(u"Name"), max_length=100, unique=True)
     codename = models.CharField(_(u"Codename"), max_length=100, unique=True)
 
     **Attributes:**
 
-        group
-            The group for which the permission is granted. Either this xor the
-            user must be given.
-        user
-            The user for which the permission is granted. Either this xor the
-            user must be given.
-        permission
-            The permission which is granted.
-        content
-            The object for which the permission is granted.
+    role
+        The role for which the permission is granted.
+
+    permission
+        The permission which is granted.
+
+    content
+        The object for which the permission is granted.
     """
-    group = models.ForeignKey(Group, verbose_name=_(u"Group"), blank=True, null=True)
-    user = models.ForeignKey(User, verbose_name=_(u"User"), blank=True, null=True)
+    role = models.ForeignKey("Role", verbose_name=_(u"Role"), blank=True, null=True)
     permission = models.ForeignKey(Permission, verbose_name=_(u"Permission"))
 
     content_type = models.ForeignKey(ContentType, verbose_name=_(u"Content type"))
     content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
 
     def __unicode__(self):
-        if self.group:
-            principal = self.group
+        if self.role:
+            principal = self.role
         else:
             principal = self.user
 
         return "%s / %s / %s - %s" % (self.permission.name, principal, self.content_type, self.content_id)
 
+    def get_principal(self):
+        """Returns the principal.
+        """
+        return self.user or self.group
+
+    def set_principal(self, principal):
+        """Sets the principal.
+        """
+        if isinstance(principal, User):
+            self.user = principal
+        else:
+            self.group = principal
+
+    principal = property(get_principal, set_principal)
+
 class ObjectPermissionInheritanceBlock(models.Model):
     """Blocks the inheritance for specific permission and object.
 
     **Attributes:**
 
-        permission
-            The permission for which inheritance is blocked.
-        content
-            The object for which the inheritance is blocked.
+    permission
+        The permission for which inheritance is blocked.
+
+    content
+        The object for which the inheritance is blocked.
     """
     permission = models.ForeignKey(Permission, verbose_name=_(u"Permission"))
 
 
     def __unicode__(self):
         return "%s / %s - %s" % (self.permission, self.content_type, self.content_id)
+
+class Role(models.Model):
+    """A role getting permissions for content objects. A role is the only way
+    to grant permissions to user and groups.
+
+    **Attributes:**
+
+    name
+        The unique name of the role
+    """
+    name = models.CharField(max_length=100, unique=True)
+
+    class Meta:
+        ordering = ("name", )
+
+    def __unicode__(self):
+        return self.name
+
+    def add_principal(self, principal, content=None):
+        """
+        """
+        if isinstance(principal, User):
+            PrincipalRoleRelation.objects.create(user=principal, role=self)
+        else:
+            PrincipalRoleRelation.objects.create(group=principal, role=self)
+
+    def get_groups(self, content=None):
+        """Returns all groups which has this role assigned.
+        """
+        return PrincipalRoleRelation.objects.filter(role=self, content=content)
+
+    def get_users(self, content=None):
+        """Returns all users which has this role assigned.
+        """
+        return PrincipalRoleRelation.objects.filter(role=self, content=content)
+
+class PrincipalRoleRelation(models.Model):
+    """A role given to a principal user or group. If a content object is passed
+    this is a local role only for the given content object. Otherwise it is
+    a global role.
+
+    user
+        A user instance. Either a user xor a group needs to be given.
+
+    group
+        A group instance. Either a user xor a group needs to be given.
+
+    role
+        The role which is given to the principal for content.
+
+    content
+        The content object which gets the local role.
+    """
+    user = models.ForeignKey(User, verbose_name=_(u"User"), blank=True, null=True)
+    group = models.ForeignKey(Group, verbose_name=_(u"Group"), blank=True, null=True)
+    role = models.ForeignKey(Role, verbose_name=_(u"Role"))
+
+    content_type = models.ForeignKey(ContentType, verbose_name=_(u"Content type"), blank=True, null=True)
+    content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"), blank=True, null=True)
+    content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
+
+    def get_principal(self):
+        """Returns the principal.
+        """
+        return self.user or self.group
+
+    def set_principal(self, principal):
+        """Sets the principal.
+        """
+        if isinstance(principal, User):
+            self.user = principal
+        else:
+            self.group = principal
+
+    principal = property(get_principal, set_principal)

File permissions/tests.py

 from permissions.models import Permission
 from permissions.models import ObjectPermission
 from permissions.models import ObjectPermissionInheritanceBlock
+from permissions.models import Role
+
 import permissions.utils
 
+class RoleTestCase(TestCase):
+    """
+    """
+    def setUp(self):
+        """
+        """
+        self.role_1 = permissions.utils.register_role("Role 1")
+        self.role_2 = permissions.utils.register_role("Role 2")
+
+        self.user = User.objects.create(username="john")
+
+        self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
+        self.page_2 = FlatPage.objects.create(url="/page-1/", title="Page 2")
+
+    def test_global_roles(self):
+        """
+        """
+        # Add role 1    
+        result = permissions.utils.add_role(self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Add role 1 again
+        result = permissions.utils.add_role(self.user, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [self.role_1])
+
+        # Add role 2
+        result = permissions.utils.add_role(self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [self.role_1, self.role_2])
+        
+        # Remove role 1
+        result = permissions.utils.remove_role(self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Remove role 1 again
+        result = permissions.utils.remove_role(self.user, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [self.role_2])
+
+        # Remove role 2
+        result = permissions.utils.remove_role(self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [])
+
 class PermissionTestCase(TestCase):
     """
     """
     def setUp(self):
         """
         """
-        self.group_1 = permissions.utils.register_group("Group 1")
-        self.group_2 = permissions.utils.register_group("Group 2")
+        self.role_1 = permissions.utils.register_role("Role 1")
+        self.role_2 = permissions.utils.register_role("Role 2")
 
         self.user = User.objects.create(username="john")
-        self.user.groups.add(self.group_1)
-        self.user.groups.add(self.group_2)
+        permissions.utils.add_role(self.user, self.role_1)
         self.user.save()
 
         self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
 
         self.permission = permissions.utils.register_permission("View", "view")
 
-    def test_has_permission_group(self):
+    def test_has_permission_role(self):
         """
         """
         result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
-        result = permissions.utils.grant_permission(self.page_1, self.permission, self.group_1)
+        result = permissions.utils.grant_permission(self.page_1, self.permission, self.role_1)
         self.assertEqual(result, True)
 
         result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.remove_permission(self.page_1, "view", self.group_1)
+        result = permissions.utils.remove_permission(self.page_1, "view", self.role_1)
         self.assertEqual(result, True)
 
         result = permissions.utils.has_permission(self.page_1, "view", self.user)
         result = permissions.utils.has_permission(self.page_1, "view", creator)
         self.assertEqual(result, False)
 
-        owner = permissions.utils.register_group("Owner")
+        owner = permissions.utils.register_role("Owner")
         permissions.utils.grant_permission(self.page_1, "view", owner)
 
         result = permissions.utils.has_permission(self.page_1, "view", creator, [owner])
         self.assertEqual(result, True)
 
-    def test_has_permission_user(self):
+    def test_local_role(self):
         """
         """
         result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
-        result = permissions.utils.grant_permission(self.page_1, self.permission, self.user)
-        self.assertEqual(result, True)
+        permissions.utils.grant_permission(self.page_1, self.permission, self.role_2)
+        permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
 
         result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.remove_permission(self.page_1, "view", self.user)
-        self.assertEqual(result, True)
-
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
-        self.assertEqual(result, False)
-
     def test_ineritance(self):
         """
         """
         self.assertEqual(self.permission.__unicode__(), "View (view)")
 
         # ObjectPermission
-        permissions.utils.grant_permission(self.page_1, self.permission, self.group_1)
-        opr = ObjectPermission.objects.get(permission=self.permission, group=self.group_1)
-        self.assertEqual(opr.__unicode__(), "View / Group 1 / flat page - 1")
-
-        permissions.utils.grant_permission(self.page_1, self.permission, self.user)
-        opr = ObjectPermission.objects.get(permission=self.permission, user=self.user)
-        self.assertEqual(opr.__unicode__(), "View / john / flat page - 1")
+        permissions.utils.grant_permission(self.page_1, self.permission, self.role_1)
+        opr = ObjectPermission.objects.get(permission=self.permission, role=self.role_1)
+        self.assertEqual(opr.__unicode__(), "View / Role 1 / flat page - 1")
 
         # ObjectPermissionInheritanceBlock
         permissions.utils.add_inheritance_block(self.page_1, self.permission)
 class RegistrationTestCase(TestCase):
     """Tests the registration of different components.
     """
-    def test_group(self):
-        """Tests registering/unregistering of a group.
+    def test_role(self):
+        """Tests registering/unregistering of a role.
         """
-        # Register a group
-        result = permissions.utils.register_group("Brights")
-        self.failUnless(isinstance(result, Group))
+        # Register a role
+        result = permissions.utils.register_role("Editor")
+        self.failUnless(isinstance(result, Role))
 
         # It's there
-        group = Group.objects.get(name="Brights")
-        self.assertEqual(group.name, "Brights")
+        role = Role.objects.get(name="Editor")
+        self.assertEqual(role.name, "Editor")
 
-        # Trying to register another group with same name
-        result = permissions.utils.register_group("Brights")
+        # Trying to register another role with same name
+        result = permissions.utils.register_role("Editor")
         self.assertEqual(result, False)
 
-        group = Group.objects.get(name="Brights")
-        self.assertEqual(group.name, "Brights")
+        role = Role.objects.get(name="Editor")
+        self.assertEqual(role.name, "Editor")
 
-        # Unregister the group
-        result = permissions.utils.unregister_group("Brights")
+        # Unregister the role
+        result = permissions.utils.unregister_role("Editor")
         self.assertEqual(result, True)
 
         # It's not there anymore
-        self.assertRaises(Group.DoesNotExist, Group.objects.get, name="Brights")
+        self.assertRaises(Role.DoesNotExist, Role.objects.get, name="Editor")
 
-        # Trying to unregister the group again
-        result = permissions.utils.unregister_group("Brights")
+        # Trying to unregister the role again
+        result = permissions.utils.unregister_role("Editor")
         self.assertEqual(result, False)
 
     def test_permission(self):

File permissions/utils.py

 # django imports
 from django.db import IntegrityError
 from django.contrib.auth.models import User
-from django.contrib.auth.models import Group
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ObjectDoesNotExist
 
 from permissions.models import ObjectPermission
 from permissions.models import ObjectPermissionInheritanceBlock
 from permissions.models import Permission
+from permissions.models import PrincipalRoleRelation
+from permissions.models import Role
 
-# Permission #################################################################
+# Roles ######################################################################
 
-def grant_permission(obj, permission, user_group):
+def add_role(principal, role):
+    """Adds a global role to a principal.
+
+    **Parameters:**
+
+    principal
+        The principal (user or group) which gets the role added.
+
+    role
+        The role which is assigned.
+    """
+    if isinstance(principal, User):
+        try:
+            ppr = PrincipalRoleRelation.objects.get(user=principal, role=role, content_id=None, content_type=None)
+        except PrincipalRoleRelation.DoesNotExist:
+            PrincipalRoleRelation.objects.create(user=principal, role=role)
+            return True
+    else:
+        try:
+            ppr = PrincipalRoleRelation.objects.get(group=principal, role=role, content_id=None, content_type=None)
+        except PrincipalRoleRelation.DoesNotExist:
+            PrincipalRoleRelation.objects.create(group=principal, role=role)
+            return True
+
+    return False
+
+def add_local_role(obj, principal, role):
+    """Adds a local role to a principal.
+
+    **Parameters:**
+
+    obj
+        The object for which the principal gets the role.
+
+    principal
+        The principal (user or group) which gets the role.
+
+    role
+        The role which is assigned.
+    """
+    ctype = ContentType.objects.get_for_model(obj)
+    if isinstance(principal, User):
+        try:
+            ppr = PrincipalRoleRelation.objects.get(user=principal, role=role, content_id=obj.id, content_type=ctype)
+        except PrincipalRoleRelation.DoesNotExist:
+            PrincipalRoleRelation.objects.create(user=principal, role=role, content=obj)
+            return True
+    else:
+        try:
+            ppr = PrincipalRoleRelation.objects.get(group=principal, role=role, content_id=obj.id, content_type=ctype)
+        except PrincipalRoleRelation.DoesNotExist:
+            PrincipalRoleRelation.objects.create(group=principal, role=role, content=obj)
+            return True
+
+    return False
+
+def remove_role(principal, role):
+    """Removes role from passed principal.
+
+    **Parameters:**
+
+    principal
+        The principal (user or group) from which the role is removed.
+
+    role
+        The role which is removed.
+    """
+    try:
+        if isinstance(principal, User):
+            ppr = PrincipalRoleRelation.objects.get(
+                    user=principal, role=role, content_id=None, content_type=None)
+        else:
+            ppr = PrincipalRoleRelation.objects.get(
+                    group=principal, role=role, content_id=None, content_type=None)
+
+    except PrincipalRoleRelation.DoesNotExist:
+        return False
+    else:
+        ppr.delete()
+
+    return True
+
+def remove_local_role(obj, principal, role):
+    """Removes role from obj and principle.
+
+    **Parameters:**
+
+    obj
+        The object from which the role is removed.
+
+    principal
+        The principal (user or group) from which the role is removed.
+
+    role
+        The role which is assigned.
+    """
+    try:
+        ctype = ContentType.objects.get_for_model(obj)
+
+        if isinstance(principal, User):
+            ppr = PrincipalRoleRelation.objects.get(
+                user=principal, role=role, content_id=obj.id, content_type=ctype)
+        else:
+            ppr = PrincipalRoleRelation.objects.get(
+                group=principal, role=role, content_id=obj.id, content_type=ctype)
+
+    except PrincipalRoleRelation.DoesNotExist:
+        return False
+    else:
+        ppr.delete()
+
+    return True
+
+def remove_roles(principal):
+    """Removes all local roles from passed object and principal (user or
+    group).
+
+    **Parameters:**
+
+    principal
+        The principal (user or group) from which all roles are removed.
+    """
+    try:
+        if obj is None:
+            if isinstance(principal, User):
+                ppr = PrincipalRoleRelation.objects.filter(
+                    user=principal, content_id=None, content_type=None)
+            else:
+                ppr = PrincipalRoleRelation.objects.filter(
+                    group=principal, content_id=None, content_type=None)
+
+        else:
+            ctype = ContentType.objects.get_for_model(obj)
+
+            if isinstance(principal, User):
+                ppr = PrincipalRoleRelation.objects.filter(
+                    user=principal, content_id=obj.id, content_type=ctype)
+            else:
+                ppr = PrincipalRoleRelation.objects.filter(
+                    group=principal, content_id=obj.id, content_type=ctype)
+
+    except PrincipalRoleRelation.DoesNotExist:
+        return False
+    else:
+        ppr.delete()
+
+    return True
+
+def remove_local_roles(obj, principal):
+    """Removes all local roles from passed object and principal (user or
+    group).
+
+    **Parameters:**
+
+    obj
+        The object from which the roles are removed.
+
+    principal
+        The principal (user or group) from which the roles are removed.
+    """
+    try:
+        ctype = ContentType.objects.get_for_model(obj)
+
+        if isinstance(principal, User):
+            ppr = PrincipalRoleRelation.objects.filter(
+                user=principal, content_id=obj.id, content_type=ctype)
+        else:
+            ppr = PrincipalRoleRelation.objects.filter(
+                group=principal, content_id=obj.id, content_type=ctype)
+
+    except PrincipalRoleRelation.DoesNotExist:
+        return False
+    else:
+        ppr.delete()
+
+    return True
+
+def get_roles(principal, obj=None):
+    """Returns all roles of passed user for passed content object. This takes
+    global and local roles into account
+
+    **Parameters:**
+
+    obj
+        The object from which the roles are removed.
+
+    principal
+        The principal (user or group) from which the roles are removed.
+    """
+    roles = get_global_roles(principal)
+
+    if obj is not None:
+        roles.extend(get_local_roles(obj, principal))
+
+    if isinstance(principal, User):
+        for group in principal.groups.all():
+            roles.extend(get_local_roles(obj, group))
+
+    return roles
+
+def get_global_roles(principal):
+    """Returns global roles of passed principal (user or group).
+    """
+    if isinstance(principal, User):
+        return [prr.role for prr in PrincipalRoleRelation.objects.filter(
+            user=principal, content_id=None, content_type=None)]
+    else:
+        return [prr.role for prr in PrincipalRoleRelation.objects.filter(
+            group=principal, content_id=None, content_type=None)]
+
+def get_local_roles(obj, principal):
+    """Returns local for passed user and content object.
+    """
+    ctype = ContentType.objects.get_for_model(obj)
+
+    if isinstance(principal, User):
+        return [prr.role for prr in PrincipalRoleRelation.objects.filter(
+            user=principal, content_id=obj.id, content_type=ctype)]
+    else:
+        return [prr.role for prr in PrincipalRoleRelation.objects.filter(
+            group=principal, content_id=obj.id, content_type=ctype)]
+
+# Permissions ################################################################
+
+def grant_permission(obj, permission, role):
     """Adds passed permission to passed group and object. Returns True if the
     permission was able to be added, otherwise False.
 
     **Parameters:**
 
-        obj
-            The content object for which the permission should be granted.
+    obj
+        The content object for which the permission should be granted.
 
-        permission
-            The permission which should be granted. Either a permission
-            object or the codename of a permission.
+    permission
+        The permission which should be granted. Either a permission
+        object or the codename of a permission.
 
-        user_group
-            The user or group for which the permission should be granted.
+    role
+        The role for which the permission should be granted.
     """
     if not isinstance(permission, Permission):
         try:
             return False
 
     ct = ContentType.objects.get_for_model(obj)
-    if isinstance(user_group, Group):
+    try:
+        ObjectPermission.objects.get(role=role, content_type = ct, content_id=obj.id, permission=permission)
+    except ObjectPermission.DoesNotExist:
         try:
-            ObjectPermission.objects.get(group=user_group, content_type = ct, content_id=obj.id, permission=permission)
-        except ObjectPermission.DoesNotExist:
-            try:
-                result = ObjectPermission.objects.create(group=user_group, content=obj, permission=permission)
-            except IntegrityError:
-                return False
-    else:
-        try:
-            ObjectPermission.objects.get(user=user_group, content_type = ct, content_id=obj.id, permission=permission)
-        except ObjectPermission.DoesNotExist:
-            try:
-                result = ObjectPermission.objects.create(user=user_group, content=obj, permission=permission)
-            except IntegrityError:
-                return False
+            result = ObjectPermission.objects.create(role=role, content=obj, permission=permission)
+        except IntegrityError:
+            return False
+
     return True
 
-def remove_permission(obj, permission, user_group):
-    """Removes passed permission from passed group and object. Returns True if
+def remove_permission(obj, permission, role):
+    """Removes passed permission from passed role and object. Returns True if
     the permission has been removed.
 
     **Parameters:**
 
-        obj
-            The content object for which a permission should be removed.
+    obj
+        The content object for which a permission should be removed.
 
-        permission
-            The permission which should be removed. Either a permission object
-            or the codename of a permission.
+    permission
+        The permission which should be removed. Either a permission object
+        or the codename of a permission.
 
-        user_group
-            The user or group for which a permission should be removed.
+    role
+        The role for which a permission should be removed.
     """
     if not isinstance(permission, Permission):
         try:
 
     ct = ContentType.objects.get_for_model(obj)
 
-    if isinstance(user_group, Group):
-        try:
-            op = ObjectPermission.objects.get(group=user_group, content_type = ct, content_id=obj.id, permission = permission)
-        except ObjectPermission.DoesNotExist:
-            return False
-    else:
-        try:
-            op = ObjectPermission.objects.get(user=user_group, content_type = ct, content_id=obj.id, permission = permission)
-        except ObjectPermission.DoesNotExist:
-            return False
+    try:
+        op = ObjectPermission.objects.get(role=role, content_type = ct, content_id=obj.id, permission = permission)
+    except ObjectPermission.DoesNotExist:
+        return False
+
     op.delete()
     return True
 
-def has_permission(obj, codename, user, groups=[]):
+def has_permission(obj, codename, user, roles=[]):
     """Checks whether the passed user has passed permission for passed object.
 
     **Parameters:**
     if user.is_anonymous():
         user = None
     else:
-        groups.extend(Group.objects.filter(user=user))
+        roles.extend(get_roles(user, obj))
 
     ct = ContentType.objects.get_for_model(obj)
 
     while obj is not None:
-        if user:
-            p = ObjectPermission.objects.filter(
-                content_type=ct, content_id=obj.id, user=user, permission__codename = codename)
-
-            if p.count() > 0:
-                return True
-
         p = ObjectPermission.objects.filter(
-            content_type=ct, content_id=obj.id, group__in=groups, permission__codename = codename)
+            content_type=ct, content_id=obj.id, role__in=roles, permission__codename = codename)
 
         if p.count() > 0:
             return True
     else:
         return False
 
-def get_group(name):
-    """Returns the group with given or None if it doesn't exit.
+def get_role(name):
+    """Returns the role with given name or None if it doesn't exit.
     """
     try:
-        return Group.objects.get(name=name)
-    except Group.DoesNotExist:
+        return Role.objects.get(name=name)
+    except Role.DoesNotExist:
         return None
 
 def reset(obj):
     permission.delete()
     return True
 
-def register_group(name):
-    """Registers a group with passed name to the framework. Creates a Django
-    default group. Returns the new group if the registration was successfully,
-    otherwise False.
+def register_role(name):
+    """Registers a group with passed name to the framework. Returns the new
+    role if the registration was successfully, otherwise False.
+
+    **Parameters:**
+
+    name
+        The unique group name.
+    """
+    try:
+        role = Role.objects.create(name=name)
+    except IntegrityError:
+        return False
+    return role
+
+def unregister_role(name):
+    """Unregisters the role with passed name.
 
     **Parameters:**
 
         name
-            The unique group name.
+            The unique role name.
     """
     try:
-        group = Group.objects.create(name=name)
-    except IntegrityError:
-        return False
-    return group
-
-def unregister_group(name):
-    """Unregisters the group with passed name. This will remove a Django
-    default group with passed name.
-
-    **Parameters:**
-
-        name
-            The unique group name.
-    """
-    try:
-        group = Group.objects.get(name=name)
-    except Group.DoesNotExist:
+        role = Role.objects.get(name=name)
+    except Role.DoesNotExist:
         return False
 
-    group.delete()
+    role.delete()
     return True